Archive for May, 2019

Cybersecurity threats are not new; however, they have gained momentum as the intensity and volume of attacks has increased in recent years. A mix of sophisticated old threats and new zero-day attacks have given rise to the need for new cyber security techniques.

In order to formulate effective cyber security strategies, it is important to understand different types of rising security threats:

Insecure API: API refers to Application Programing & User Interface. When an organization sources a cloud service from a service provider, the interface is not used by a single client. It is shared by numerous other users; thus, the organization cannot control the security of interface. As a client, organizations should make sure that the service provider incorporates stringent security measures starting from authentication to encryption.

Direct Data Center & Cloud Attacks: The cyber attackers launch these attacks by locating vulnerabilities in applications and exploiting them to enter a cloud network. Generally exploited vulnerabilities are insecure passwords and lack of proper authentication. Once the cyber attackers gain access, they can move across the applications & data centers freely. Such attacks are not easily spotted by the compromised organizations.

Crypto-jacking: As cryptocurrency is gaining popularity, cryptocurrency attacks are also rising. Crypto-jacking is the term used for unauthentic use of someone’s computer for mining cryptocurrency. The crypto mining code is either encrypted in a link which is sent to the victim via a phishing e-mail or it is loaded in an infectious online ad or website. Once the user clicks on the link, the code is installed on his computer. However, in case of infected ad or website, the code is not loaded on victim’s computer. As the website or ad pops up in victim’s browser, the code is auto-executed. Unlike ransomware, crypto mining code does not harm user’s personal data but uses CPU resources which results in slow processing.

Advanced Persistent Threat (APT): In APT, the hacker breaches a network but stays undetected for a long time; thus, increasing his dwelling period instead of asking for instant ransom. The main motive is to steal information or security data unobtrusively. The breach could be caused by using malware, exploit kits or by piggybacking on legitimate traffic. Once breached, the attackers could steal login credentials to move across the network easily.

IoT Attacks: IoT now includes laptops, tablets, routers, webcams, smart watches, wearable devices, automobiles, home electronics, etc. As IoT is becoming more ubiquitous and number of connected devices is increasing, cyber criminals are targeting the IoT networks for cyber invasions & infections. Once they gain access to a network, cyber criminals can program the devices to create chaos, lock down essential devices for financial ransom, overload the network, etc.

The term End Point Detection & Response (EDR) was first coined by Anton Chuvakin in July 2013. It is used to define ‘the tools that are primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints’.

EDR works by collecting data related to endpoint events using a software. This data is sent to a centralized database where further analysis, investigation & reporting is conducted by analytical tools. These tools pay heed to both internal as well as external threats. They respond to these threats while identifying the upgrades required for strengthening the organization’s cyber security. The traditional EDR tools have been successful in creating visibility and remediation of stealthy threats. However, the cybercrimes have evolved and this has led to a need for better and evolved EDR tools.

Following are some gaps between traditional EDR and modern threats that have given birth to the need for next-generation solutions:

EDR requires cloud connectivity and an analyst has to wait for cloud response to take action. This results in a delay in protecting end devices. However, the cyber threats no longer target a single user and are capable of spreading over the entire organization, encrypting data and removing traces of attack in mere seconds.

The attackers make use of tools already available on a computer to incorporate scripts that run directly in the memory. These in-memory file-less attacks do not leave behind a trail and may not be detected by traditional EDR tools.

To provide visibility, EDR creates a high amount of data and analysis; thus, these solutions are not scalable and require extensive resources like bandwidth, skilled workforce, etc.

EDR does not provide visibility into lateral network. If a threat makes its way into organizational network, it can move through connected devices and covertly communicate with a remote control server without being detected or interrupted.

In the world of ever developing cyber threats, it has become important to make a shift towards next generation EDR solutions that make use of artificial intelligence to detect threats in real time. It is advisable to use a collaboration of various security solutions to create a multi-layer cyber security shield. New EDR solutions offer wider features:

Detect and prevent hidden exploits that are more complex than a simple hash signature.

Enter Your Email To Get Posts Sent Directly To You

Social Networks

Author

Abdul Subhani

I am the President & CEO of
Centex Technologies Microsoft Small Business Specialist, Certified E-Commerce Consultant, Certified Ethical Hacker, Certified Fraud Examiner, Virtual Instructor and an IT Consultant/Speaker on IT Security, Networking, Small Business Architect, & SEO Internet Marketing.

Certifications

Links

Twitter posts

We've been nominated for Small Business of the Year, Best I.T. Company, Young Entrepreneur of the Year, and CEO of the Year. Register and search for myself or Centex Technologies. It will only take you 5 minutes and I would greatly…lnkd.in/eqhaUXplnkd.in/erfAizd